{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32780?format=json","vulnerability_id":"VCID-74d5-h6tu-zbg6","summary":"Cross-Site Scripting in bootstrap-select\nVersions of `bootstrap-select` prior to 1.13.6 are vulnerable to Cross-Site Scripting (XSS).  The package does not escape `title` values on `<option>` tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.13.6 or later.","aliases":[{"alias":"GHSA-9r7h-6639-v5mw"},{"alias":"GMS-2020-125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72832?format=json","purl":"pkg:npm/bootstrap-select@1.13.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/245932?format=json","purl":"pkg:npm/bootstrap-select@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/245933?format=json","purl":"pkg:npm/bootstrap-select@1.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/245934?format=json","purl":"pkg:npm/bootstrap-select@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/245935?format=json","purl":"pkg:npm/bootstrap-select@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/245936?format=json","purl":"pkg:npm/bootstrap-select@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/245937?format=json","purl":"pkg:npm/bootstrap-select@1.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/245938?format=json","purl":"pkg:npm/bootstrap-select@1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/245939?format=json","purl":"pkg:npm/bootstrap-select@1.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/245940?format=json","purl":"pkg:npm/bootstrap-select@1.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/245941?format=json","purl":"pkg:npm/bootstrap-select@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/245942?format=json","purl":"pkg:npm/bootstrap-select@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/245943?format=json","purl":"pkg:npm/bootstrap-select@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/245944?format=json","purl":"pkg:npm/bootstrap-select@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/245945?format=json","purl":"pkg:npm/bootstrap-select@1.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/245946?format=json","purl":"pkg:npm/bootstrap-select@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/245947?format=json","purl":"pkg:npm/bootstrap-select@1.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/245948?format=json","purl":"pkg:npm/bootstrap-select@1.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/245949?format=json","purl":"pkg:npm/bootstrap-select@1.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/245950?format=json","purl":"pkg:npm/bootstrap-select@1.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/245951?format=json","purl":"pkg:npm/bootstrap-select@1.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/245952?format=json","purl":"pkg:npm/bootstrap-select@1.12.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.12.2"},{"url":"http://public2.vulnerablecode.io/api/packages/245953?format=json","purl":"pkg:npm/bootstrap-select@1.12.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.12.3"},{"url":"http://public2.vulnerablecode.io/api/packages/245954?format=json","purl":"pkg:npm/bootstrap-select@1.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/245955?format=json","purl":"pkg:npm/bootstrap-select@1.13.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.0-alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/245956?format=json","purl":"pkg:npm/bootstrap-select@1.13.0-beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.0-beta"},{"url":"http://public2.vulnerablecode.io/api/packages/245957?format=json","purl":"pkg:npm/bootstrap-select@1.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/245958?format=json","purl":"pkg:npm/bootstrap-select@1.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.1"},{"url":"http://public2.vulnerablecode.io/api/packages/245959?format=json","purl":"pkg:npm/bootstrap-select@1.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.2"},{"url":"http://public2.vulnerablecode.io/api/packages/245960?format=json","purl":"pkg:npm/bootstrap-select@1.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/245961?format=json","purl":"pkg:npm/bootstrap-select@1.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.4"},{"url":"http://public2.vulnerablecode.io/api/packages/245962?format=json","purl":"pkg:npm/bootstrap-select@1.13.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-74d5-h6tu-zbg6"},{"vulnerability":"VCID-gj58-zp49-2bdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap-select@1.13.5"}],"references":[{"reference_url":"https://github.com/dimpu/ngx-md/issues/129","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dimpu/ngx-md/issues/129"},{"reference_url":"https://github.com/snapappointments/bootstrap-select","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/snapappointments/bootstrap-select"},{"reference_url":"https://github.com/snapappointments/bootstrap-select/issues/2199","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/snapappointments/bootstrap-select/issues/2199"},{"reference_url":"https://www.npmjs.com/advisories/1522","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1522"},{"reference_url":"https://github.com/advisories/GHSA-9r7h-6639-v5mw","reference_id":"GHSA-9r7h-6639-v5mw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9r7h-6639-v5mw"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74d5-h6tu-zbg6"}